codeflow
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the CodeFlow tool from its official public GitHub repository (https://github.com/braedonsaunders/codeflow.git) during the installation process. This is a documented and necessary step for the tool's self-hosting functionality.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute an installation script (scripts/install.sh) which performs repository management using git and launches the application using system openers like open or xdg-open.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external repositories and local file systems.
- Ingestion points: Untrusted data enters the context when the agent reads files, markdown documents, and pull request information from codebases.
- Boundary markers: There are no specific delimiters or instructions provided to the agent to distinguish between its instructions and the data being analyzed.
- Capability inventory: The skill allows the use of powerful tools such as Bash, Write, Edit, and Grep, which could be exploited if the agent follows instructions hidden within a processed codebase.
- Sanitization: No validation or sanitization of the analyzed content is performed prior to the agent's interaction with it.
Audit Metadata